> snyk
Find and fix vulnerabilities in code and dependencies with Snyk. Use when a user asks to scan for security vulnerabilities, audit npm packages, check Docker images for CVEs, or integrate security into CI/CD.
curl "https://skillshub.wtf/TerminalSkills/skills/snyk?format=md"
Snyk
Overview
Snyk finds and fixes vulnerabilities in open-source dependencies, container images, IaC configs, and code. Integrates into CLI, CI/CD, Git repos, and IDEs.
Instructions
Step 1: Setup
npm install -g snyk
snyk auth
Step 2: Scan Dependencies
snyk test # test for vulnerabilities
snyk monitor # continuous monitoring
snyk fix # auto-fix vulnerabilities
Step 3: Container Scanning
snyk container test node:20-alpine
snyk container test my-app:latest --file=Dockerfile
Step 4: IaC Scanning
snyk iac test # scan Terraform, K8s manifests
snyk iac test --report # upload to dashboard
Guidelines
- Free tier: 200 dependency tests/month, unlimited container tests.
- Use `--severity-threshold=high` in CI to fail only on critical issues.
- `snyk fix` auto-generates PRs with dependency upgrades.
- Alternatives: npm audit (basic), GitHub Dependabot (free), Socket.dev (supply chain).
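The CI guideline above, as an added example that is not part of the original skill page: a gate that runs `snyk test` with the severity threshold and fails closed when the scan itself did not complete. The names `SNYK_BIN`, `SNYK_THRESHOLD`, `classify_snyk_exit` and `snyk_ci_gate` are assumptions of this example; the exit codes 0 to 3 are the ones the Snyk CLI documents.

```shell
#!/bin/sh
# CI gate around `snyk test` (example code, names are hypothetical).
# A bare `snyk test || true`, or treating every non-zero exit as
# "vulnerabilities found", hides failed or empty scans. This gate
# separates the four documented outcomes.

SNYK_BIN="${SNYK_BIN:-snyk}"             # assumption: override for testing
SNYK_THRESHOLD="${SNYK_THRESHOLD:-high}" # value from the guideline above

# Map a Snyk CLI exit code to a verdict.
#   0 = scan completed, nothing at or above the threshold
#   1 = scan completed, issues found at or above the threshold
#   2 = scan failed (auth, network, CLI error)
#   3 = no supported project files detected
classify_snyk_exit() {
  case "$1" in
    0) echo "pass" ;;
    1) echo "vulnerable" ;;
    3) echo "no-project" ;;
    *) echo "scan-error" ;;
  esac
}

# Run the scan; return 0 only when a scan actually completed clean.
# Extra arguments (for example --file=...) are passed through to snyk.
snyk_ci_gate() {
  gate_rc=0
  "$SNYK_BIN" test --severity-threshold="$SNYK_THRESHOLD" "$@" || gate_rc=$?
  gate_verdict="$(classify_snyk_exit "$gate_rc")"
  case "$gate_verdict" in
    pass)
      echo "snyk gate: clean at threshold '$SNYK_THRESHOLD'" >&2
      return 0 ;;
    vulnerable)
      echo "snyk gate: issues at or above '$SNYK_THRESHOLD'" >&2
      return 1 ;;
    no-project)
      echo "snyk gate: nothing was scanned, check the working directory" >&2
      return 3 ;;
    *)
      echo "snyk gate: scan did not complete (exit $gate_rc), failing closed" >&2
      return 2 ;;
  esac
}
```

Source the file in the pipeline step and call `snyk_ci_gate` after `snyk auth`; the job then distinguishes "vulnerable" from "scanner broken" in its logs and exit status.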